Latest RAT news

Hackers phish finance orgs using trojanized Minesweeper clone

Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations.
- Bill Toulas
- May 26, 2024
- 10:16 AM
- 0
Fake job interviews target developers with new Python backdoor

A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).
- Bill Toulas
- April 26, 2024
- 10:20 AM
- 2
New Brokewell malware takes over Android devices, steals data

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches.
- Bill Toulas
- April 25, 2024
- 06:00 AM
- 2
Firebird RAT creator and seller arrested in the U.S. and Australia

A joint police operation between the Australian Federal Police (AFP) and the FBI has led to the arrest and charging of two individuals who are believed to be behind the development and distribution of the "Firebird" remote access trojan (RAT), later rebranded as "Hive."
- Bill Toulas
- April 13, 2024
- 10:17 AM
- 1
Visa warns of new JSOutProx malware variant targeting financial orgs

Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
- Bill Toulas
- April 04, 2024
- 03:29 PM
- 0
DinodasRAT malware targets Linux servers in espionage campaign

Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022.
- Bill Toulas
- March 31, 2024
- 10:35 AM
- 0
New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
- Bill Toulas
- February 29, 2024
- 04:36 PM
- 0
Hackers used new Windows Defender zero-day to drop DarkMe malware

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).
- Sergiu Gatlan
- February 13, 2024
- 03:52 PM
- 0
FBI seizes Warzone RAT infrastructure, arrests malware vendor

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.
- Bill Toulas
- February 12, 2024
- 06:09 PM
- 1
New NKAbuse malware abuses NKN blockchain for stealthy comms

A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN (New Kind of Network) technology for data exchange, making it a stealthy threat.
- Bill Toulas
- December 14, 2023
- 05:15 PM
- 0
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug

The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.
- Bill Toulas
- December 11, 2023
- 04:25 PM
- 0
Krasue RAT malware hides on Linux servers using embedded rootkits

Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021.
- Bill Toulas
- December 07, 2023
- 01:00 AM
- 0
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs

The operator of the Nokoyawa ransomware-as-a-service (RaaS), a threat actor known as 'farnetwork', built experience over the years by helping the JSWORM, Nefilim, Karma, and Nemty affiliate programs with malware development and operation management.
- Bill Toulas
- November 08, 2023
- 04:32 AM
- 0
Fake WinRAR proof-of-concept exploit drops VenomRAT malware

A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
- Bill Toulas
- September 20, 2023
- 10:49 AM
- 0
'Redfly' hackers infiltrated power supplier's network for 6 months

An espionage threat group tracked as 'Redfly' hacked a national electricity grid organization in Asia and quietly maintained access to the breached network for six months.
- Bill Toulas
- September 12, 2023
- 06:00 AM
- 0
Hackers use public ManageEngine exploit to breach internet org

The North Korean state-backed hacker group tracked as Lazarus has been exploiting a critical vulnerability (CVE-2022-47966) in Zoho's ManageEngine ServiceDesk to compromise an internet backbone infrastructure provider and healthcare organizations.
- Bill Toulas
- August 24, 2023
- 08:31 AM
- 0
Amazon's AWS SSM agent can be used as post-exploitation RAT malware

Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform's System Manager (SSM) agent as an undetectable Remote Access Trojan (RAT).
- Bill Toulas
- August 02, 2023
- 11:18 AM
- 4
AVrecon malware infects 70,000 Linux routers to build botnet

Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers and add them to a botnet designed to steal bandwidth and provide a hidden residential proxy service.
- Sergiu Gatlan
- July 14, 2023
- 02:35 AM
- 3
RomCom hackers target NATO Summit attendees in phishing attacks

A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania.
- Bill Toulas
- July 10, 2023
- 04:44 PM
- 0
New EarlyRAT malware linked to North Korean Andariel hacking group

Security analysts have discovered a previously undocumented remote access trojan (RAT) named 'EarlyRAT,' used by Andariel, a sub-group of the Lazarus North Korean state-sponsored hacking group.
- Bill Toulas
- June 29, 2023
- 01:39 PM
- 0